LkSG documentation and auditability
Documentation that passes audits – without an extra project
Every decision, every approval, every proof – historised. The BAFA report and internal audit exports come out of operations, not next to them.
§ 10 LkSG requires documentation and reporting. In practice, pulling proof together from emails and folders at year-end costs weeks – and gaps are inevitable. Ovenca documents the full due diligence process continuously and audit-ready.
Documentation as a by-product – not an extra task
The LkSG requires documentation of all due diligence duties and an annual report to BAFA. If you leave this to year-end, you end up in reconstruction projects. Ovenca flips the equation: every decision in the supplier portal and catalog is captured structured in the moment it happens. The annual report is then an export – not a project.
Gapless – from approval to BAFA report
Ovenca covers the four layers required by LkSG and external audit: operational trails, historised policies, supplier evidence and aggregated reports.
Operational audit trail
Every action in the system – onboarding, questionnaire answer, proof upload, approval, escalation – is logged pseudonymised and versioned.
- Who, when, what, why – for every change
- Pseudonymisation for GDPR compliance
- Read-only access for internal audit
- Export as PDF, CSV or structured data
Policy historisation
Risk categories, thresholds, questionnaires and escalation rules are versioned – including rationale on policy changes.
- Which policy applied at the time of approval?
- Mandatory rationale on every change
- Comparison between policy versions
- Auditor traceability in minutes
Supplier evidence
Certificates, self-declarations, proofs – all structured on the supplier master, with validity and expiry dates.
- Full-text search across all evidence
- Automatic expiry warnings
- Versioning on re-submissions
- Filters by risk class, commodity group, country
BAFA annual report and internal reports
Standard exports for the BAFA report per § 10 Abs. 2 LkSG and configurable reports for board, supervisory board and internal audit.
- BAFA report: 10 mandatory entries covered
- Management dashboards by risk class
- Audit export with full evidence chain
- PDF and structured data formats
Six properties that make Ovenca's documentation audit-ready
Audit readiness is not created by a button labelled 'generate report' – it comes from how data is captured. These six properties make Ovenca's documentation audit-ready.
Continuous capture
Evidence and decisions are captured at the moment they happen – not reconstructed afterwards.
Versioning, not overwriting
No change replaces the previous version. The full history stays available.
Role-based transparency
Procurement sees operations, compliance runs policies, audit reads the full trail. No role overwrites evidence.
Seven years of EU hosting
Retention inside the EU, under your control – on-premise or private cloud. Even on audits or provider changes, data sovereignty stays with you.
GDPR-compliant pseudonymisation
Personal data is captured only to the extent due diligence and evidence require it. The audit trail stays complete.
Enterprise-proven since 2014
A DAX corporation has raised audit and review requirements against Ovenca for over a decade – the result is built into the platform.
Documentation and audit – what internal audit asks
Related Solutions
Explore other solutions that complement your procurement process.
Audit readiness is built in operations, not at year-end
Let us look at your current evidence and audit processes. In a short call we will show which documentation gaps Ovenca can close without adding another system.
Discuss your audit requirements
Send us your audit requirements – we will outline how Ovenca covers them.